Memorandum on the Coin Hive Case
＝A Case Illustrating What Constitutes the Crime of Creating a Computer Virus in Japan
The memoirs of the Hirano attorneys who handled the Coinhive case were published.
Defense in the Coin Hive Case - Google Docs (Japanese)
The conclusion was reversal of the case and acquittal, which I wrote about here.
I'll give it to you as an interesting one.
Now, however, there will be many remaining challenges
The published text of the decision is here.
Case No. 457, 2020, Unfair Directive Electromagnetic Records Storage
(Decision of the First Petty Bench, January 20, 2022)
First, the common violation of statutory clarity is dismissed at the outset as follows
In the appeal filed by defense counsel Takashi Hirano, the phrase "a person may not use electronic calculators
The use of a machine that does not operate in accordance with the intention of the user, or that
The phrase "unauthorized instructions to cause a person to act" is vague and imprecise.
The point about the violation of Article 1 is not premised on the fact that the said phrase cannot be said to be unclear.
The rest, including the points about violations of the Constitution and judicial precedents, are in substance mere violations of law and misrepresentations of fact.
It is an allegation and does not constitute grounds for appeal under Article 405 of the Penal Code.
"As described above, the program code in this case is recognized as counter-intentional, but not as fraudulent.
is not found, it is not considered to be an unauthorized electromagnetic record." Because the requirements for constituting Article 168-2, Paragraph 1 of the Penal Code are not met, "the original judgment (of the High Court) is set aside. The above-mentioned examination was conducted.
According to the discussion, the program code in question was denied as an unauthorized electromagnetic record, and the defendant's
The first trial court decision (district court decision) acquitting the defendant of the crime can be affirmed," the blogger adds.
Therefore, the two requirements of "counterintentionality" and "dishonesty" are important, and in what cases these requirements are or are not met.
Although the court decision has clarified the issue to some extent, it is important to keep an eye on the ever-changing software market from these two perspectives.
According to the Supreme Court
"Anti-intentionality is the general awareness of the function of the program in question.
the standard, and whether it can be evaluated as something that does not go against the will of the general user.
The general user should be judged normatively from the viewpoint that he or she is aware of the function in advance.
For programs that are not intended to be executed, the content of the function itself
the general user to use the program without being aware of its functions.
Anti-intentionality should be affirmed when it can be normatively assessed as not being permissible."
The court stated that "the court should affirm anti-intentionality in cases where it can be normatively assessed that
In the end, it is not so clear.
"The function of the program in question is generally recognized as it should be.
The judge needs to understand that it is generally considered to be recognized. I wonder how.
"Can it be evaluated as something that does not go against the will of the general employer?
should be judged normatively from the perspective
So another concept that is very difficult to evaluate has been introduced.
So, as for the unrecognizable form of the program
For programs that are not intended to be executed by ordinary users with prior recognition of their functions, anti-intentionality should be affirmed if, based on the content of the function itself, it can be normatively evaluated that the general user is not permitted to use the program without being aware of its function."
This means that it is important whether or not "it can be evaluated normatively that the general user is not allowed to use the program without recognizing its function.
Anyway, next, let's look at the following
As for the fraudulent nature.
"Fraudulent is a program that is anti-intentional, but is not a program
the user, or the interest of the user in the use of the program itself.
trust in the program when taking into consideration the presence or absence of alerts to possible disadvantages.
socially acceptable in terms of protection and proper information processing by computers.
The requirement is intended to exclude such cases from the scope of the regulation."
Even if anti-intentionality is recognized because "it is socially acceptable
The requirement is intended to exclude such cases from the scope of the regulation, since there are cases in which such cases are not covered by the regulation." The requirement is intended to exclude such cases from the scope of the regulation.
In short, it is a requirement that prevents all cases of anti-intentionality from being caught.
Coin hives are saved here.
However, since the legal interest to be protected is society, the second sentence is obvious: "Even in the case of a program with anti-intentionality, the existence or absence of a warning to the user of the disadvantages that may arise from the use of the program or the gain or loss of interest in the use of the program itself by the person assumed to be the user is taken into consideration" is important.
It seems that the factors to be judged are "gain or loss of interest of the user of the program" and "alerting the user to possible disadvantages" in a comprehensive manner.
Does this mean that there is no problem if there is zero disadvantage? Or, it may mean with consent, but I am not sure in relation to anti-intentionality. Anything that is damaging to the user and anything that shows no disadvantage would be NG.
I have a concern that this may soon be a screen full of reminders like cookies.
The disadvantage was indicated, the scope of the disadvantage is small, and it will be just in case as a risk management measure.
Hmmm... Of course, if it is too much, even if the warning is given, it will be recognized as fraudulent. I will hijack your PC -> YES! program would indeed not be considered "no cheating" (OK because the user consented to it). In this case, the "interests of the program user" and the presence or absence of a warning would be "taken into consideration.
In short, it would be a comprehensive judgment in the end. The "etc." is another key point.
In practice, I think that the practical solution would be to issue a warning so loudly as a way of avoiding the problem (which would also be related to anti-intentionality).
I don't know about this, but that seems to be the only way...